| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Feb 2023 11:00:18 +0100
From: Vlastimil Babka <vbabka@...e.cz>
To: linux-mm@...ck.org, "Liam R. Howlett" <Liam.Howlett@...cle.com>
Cc: linux-kernel@...r.kernel.org, patches@...ts.linux.dev,
maple-tree@...ts.infradead.org, Vlastimil Babka <vbabka@...e.cz>
Subject: [RFC 07/11] mm/mmap/vma_merge: set mid to NULL if not applicable
There are several places where we test if 'mid' is really the area NNNN
in the diagram and the tests have two variants and are non-obvious to
follow. Instead, set 'mid' to NULL up-front if it's not the NNNN area,
and simplify the tests.
Also update the description in comment accordingly.
Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
---
mm/mmap.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index e7d497237f44..e05bbcaf7b61 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -848,10 +848,11 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
*
* The following mprotect cases have to be considered, where AAAA is
* the area passed down from mprotect_fixup, never extending beyond one
- * vma, PPPPPP is the prev vma specified, and NNNNNN the next vma after:
+ * vma, PPPPPP is the prev vma specified, NNNN is a vma that overlaps
+ * the area AAAA and XXXXXX the next vma after AAAA:
*
* AAAA AAAA AAAA
- * PPPPPPNNNNNN PPPPPPXXXXXX PPPPPPNNNNNN
+ * PPPPPPXXXXXX PPPPPPXXXXXX PPPPPPNNNNNN
* cannot merge might become might become
* PPXXXXXXXXXX PPPPPPPPPPNN
* mmap, brk or case 4 below case 5 below
@@ -879,9 +880,10 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
*
* In the code below:
* PPPP is represented by *prev
- * NNNN is represented by *mid (and possibly equal to *next)
- * XXXX is represented by *next or not represented at all.
- * AAAA is not represented - it will be merged or the function will return NULL
+ * NNNN is represented by *mid or not represented at all (NULL)
+ * XXXX is represented by *next or not represented at all (NULL)
+ * AAAA is not represented - it will be merged and the vma containing the
+ * area is returned, or the function will return NULL
*/
struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
struct vm_area_struct *prev, unsigned long addr,
@@ -918,6 +920,9 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
else
next = mid;
+ if (mid && end <= mid->vm_start)
+ mid = NULL;
+
/* verify some invariant that must be enforced by the caller */
VM_WARN_ON(prev && addr <= prev->vm_start);
VM_WARN_ON(mid && end > mid->vm_end);
@@ -952,7 +957,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
remove = next; /* case 1 */
vma_end = next->vm_end;
err = dup_anon_vma(prev, next);
- if (mid != next) { /* case 6 */
+ if (mid) { /* case 6 */
remove = mid;
remove2 = next;
if (!next->anon_vma)
@@ -960,7 +965,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
}
} else if (merge_prev) {
err = 0; /* case 2 */
- if (mid && end > mid->vm_start) {
+ if (mid) {
err = dup_anon_vma(prev, mid);
if (end == mid->vm_end) { /* case 7 */
remove = mid;
@@ -982,7 +987,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
vma_end = next->vm_end;
vma_pgoff = next->vm_pgoff;
err = 0;
- if (mid != next) { /* case 8 */
+ if (mid) { /* case 8 */
vma_pgoff = mid->vm_pgoff;
remove = mid;
err = dup_anon_vma(next, mid);
--
2.39.2
Powered by blists - more mailing lists